As the backbone of the defense industrial base sector, the military shipbuilding industry is entrusted with the critical responsibility of equipping, informing, and supporting military forces. This inherently makes it a high-value target for cyber adversaries aiming to disrupt, degrade, or illicitly acquire sensitive information.  

Consequently, understanding the intricacies of cyber threats and implementing robust security protocols is not just a mandate—it’s a prerequisite for the sector’s operational integrity and, by extension, the country’s defense posture. 

 This article aims to explore this subject in three key dimensions comprehensively.  

• Firstly, we’ll delve into the technical aspects of cyberattacks, detailing cyber adversaries’ tactics, techniques, and procedures, and the common vulnerabilities they exploit in the military shipbuilding industry. 
• Secondly, we’ll analyze two recent cyberattacks on US military shipbuilders—Fincantieri Marinette Marine and Huntington Ingalls Industries—as case studies. 
• Lastly, we will lay out some of the best practices that organizations in this sector can adopt to fortify their cyber defenses and effectively respond to cyberattacks. 

 Through this multi-faceted analysis, we aim to contribute to the ongoing dialogue about securing critical infrastructures in the face of evolving cyber threats. 

Understanding the Threat Landscape 

The defense industrial base sector, in general, faces a broad array of cyber threats, with adversaries ranging from nation-state actors to criminal networks. These threats manifest in different forms, each with its unique implications:  

• Advanced Persistent Threats (APTs): These are typically associated with nation-state actors and are characterized by their long-term approach. They often infiltrate a system and lie dormant until activated for a specific task.
• Ransomware: This malicious software is designed to encrypt a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. According to recent reports, 70% of incident response cases over the past year involved ransomware or business email compromise (BEC). 
• Phishing: This attack often involves sending deceptive emails to trick employees into revealing sensitive information or installing malware. As our networks become more interconnected—with 65% of security professionals reporting increased interconnection in their networks—this threat becomes more potent. 

To execute these attacks, adversaries employ various tactics, techniques, and procedures (TTPs). 

For instance, they often leverage spear-phishing emails for initial access, then exploit software vulnerabilities for privilege escalation. Once they establish a foothold, they use techniques like lateral movement to navigate the network, and data exfiltration methods to steal valuable information. 

Unfortunately, there are numerous vulnerabilities that these adversaries can exploit. These range from technical weaknesses, such as outdated software and unpatched systems, to human factors like poor password hygiene and a lack of cybersecurity awareness among staff. 

In many cases, these vulnerabilities are exploited in combination, making the threat landscape even more complex and challenging to navigate. 

Case Study 1: Fincantieri Marinette Marine 

The cyberattack on Fincantieri Marinette Marine serves as a sobering case study for the military shipbuilding industry. 

On April 12, 2023, this shipyard, crucial for producing the US Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate, fell victim to a ransomware attack​. 

The attackers targeted servers that held data used to feed instructions to the shipyard’s computer numerical control manufacturing machines, effectively knocking these critical devices offline for several days. 

In the aftermath of the attack, Fincantieri Marinette Marine acted swiftly. 

The company’s network security officials immediately isolated systems and reported the incident to relevant agencies and partners. Additional resources were brought in to investigate the attack and to restore full functionality to the affected systems as quickly as possible. While certain operations remained offline for some time, repair and construction operations were able to continue at all three US shipyards.  

This attack underscores several important lessons for the sector since it: 

1. Demonstrates the vulnerability of operational technology (OT) systems – in this case, the CNC-enabled machines – to cyber threats. 
2. Highlights the importance of rapid response and recovery strategies in minimizing the impact of a cyberattack. 
3. Serves as a stark reminder that even seemingly well-protected and critical organizations are not immune to sophisticated cyber threats.

The defense industrial base sector, as a whole, must take these lessons to heart and adapt its defenses accordingly. 

Case Study 2: Huntington Ingalls Industries 

The military shipbuilding industry experienced another significant cyber breach involving Huntington Ingalls Industries, Inc. (HII). The company, based in Newport News, Virginia, plays a vital role in military shipbuilding and provides related support services. 

Huntington Ingalls Industries reported that between March and May 2022, an unauthorized party gained access to certain file storage systems. This breach resulted in the exposure of a substantial amount of confidential consumer information. 

In response to this discovery, Huntington Ingalls Industries took decisive steps to mitigate the damage. They began by identifying the affected files to determine the extent of the information compromised and who was impacted.  

On April 18, 2023, the company sent out data breach notification letters to all individuals whose information was compromised as a result of the security incident. 

 Key lessons learned from the Huntington Ingalls Industries breach include: 

1. The importance of securing both informational and operational technology (IT & OT) systems that store sensitive data. 
2. Awareness of the potential breadth of compromised data that can be accessed during a single breach. 
3. The critical nature of a timely response and effective notification processes in the aftermath of a breach. 

These lessons reiterate the need for robust cybersecurity measures to prevent unauthorized access, detect breaches quickly, and mitigate their impacts swiftly. 

Best Practices for Cybersecurity in the Defense Industrial Base Sector 

Maintaining a secure cyber environment in the defense industrial base sector is a complex task. Yet, there are some best practices that can help companies better protect themselves from cyberattacks. 

• Strong Security Measures: One of the first lines of defense is to ensure strong security measures are in place. This includes firewalls, intrusion detection and prevention systems, and strong password policies. 
• Regular Cybersecurity Training: Employees should receive regular training on cybersecurity best practices and how to identify potential threats. This includes recognizing suspicious emails and understanding the importance of not clicking on unknown links or downloading suspicious attachments. 
• Use of Multifactor Authentication: Multifactor authentication can provide an additional layer of security by requiring users to provide two or more forms of identification before gaining access to systems. Fact: 50% of targeted organizations lacked multifactor authentication on key internet-facing systems. 
• Regular Audits and Penetration Testing: Regular audits and penetration tests can help identify vulnerabilities in systems and processes. These tests mimic the tactics used by cybercriminals to find weak points that could be exploited. 
• System Patching: Up to 60% of breach victims were aware that a patch was available but did not apply it, leading to preventable data breaches. Regular system updates and patching, although sometimes neglected, are critical for cybersecurity. 

 In the unfortunate event of a cyberattack, companies should have a response plan in place. This plan should include:  

• Immediate Response: The immediate response to a cyberattack should be to contain the attack and prevent further damage. This could involve disconnecting affected systems from the network. 
• Investigation: Once the attack has been contained, an investigation should be conducted to understand how the attack occurred and what information was compromised. 
• Remediation: Following the investigation, remediation efforts should be made to secure the systems and prevent a similar attack from happening in the future. This might involve patching vulnerabilities, changing passwords, or implementing new security measures. 
• Communication: Throughout the process, communication is key. Stakeholders should be kept informed about the situation, and if customer data was compromised, those affected should be notified as soon as possible.

These best practices are not exhaustive, but they provide a solid foundation for cybersecurity in the sector. Adhering to them can help organizations protect their assets, their employees, and their customers.  

Conclusion 

Upon analyzing the cyber landscape of the defense industrial base sector, particularly the military shipbuilding industry, we observe several significant points:  

• The scale and impact of these attacks on Fincantieri Marinette Marine and Huntington Ingalls Industries emphasize the severity of the threats faced. In fact, some ransom demands in the world have even reached as high as $30 million. 
• Cybercriminals have used sophisticated methods in their attacks, including malware that disrupted manufacturing processes, and unauthorized access that compromised sensitive consumer data.  
• The aftermaths varied, but each instance emphasized the importance of a rapid response and the need for robust remediation processes. 
• The lessons learned from these incidents highlight the crucial need for securing both IT & OT systems and the importance of timely notifications.

In terms of best practices, security measures such as firewalls, regular patching, and multi-factor authentication are essential. Regular employee cybersecurity training, consistent audits, and penetration testing can further bolster defenses. A well-defined response plan, including immediate action, investigation, remediation, and clear communication, is paramount in the event of an attack.  

Interested in learning the latest techniques to secure your organization against cyber threats? Explore CIP Cyber Training & Certifications.